我已经在我的SpringCloudGateway应用程序中设置了SpringSecurity。当我点燃它的时候。它将我带到一个html页面,在那里我必须选择首选的oauth 2.0类型。
我的pom spring版本2.3.12
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>application.yml
spring:
profiles: default
security:
oauth2:
resourceserver:
jwt:
issuer-uri: https://qa-abchc.cs195.force.com
client:
registration:
sfdc:
client-id: 3MVG9GnaLrwG9T5ZpEfaDCVDu7N4BibMIHajVSUG5F6epm
scope: openid,email,phone,profile
client-secret: fkdslfjklsdjflksjdflsj
authorization-grant-type: authorization_code
redirect-uri: http://localhost:7999/oauth2/callback/sfdc
abc:
client-id: OIDC_CLIENT
scope: openid,email,phone,profile
client-secret: dfjskldjflskfjls
authorization-grant-type: authorization_code
redirect-uri: http://localhost:7999/oauth2/callback/abc
provider:
sfdc:
authorization-uri: https://qa-abchc.cs195.force.com/abcidp/services/oauth2/authorize
token-uri: https://qa-abchc.cs195.force.com/abcidp/services/oauth2/token
abc:
authorization-uri: https://rrtrr.abc.com/fss/as/authorization.oauth2
token-uri: https://rrtrr.abc.com/fss/as/token.oauth2和
@Configuration
@EnableWebFluxSecurity
public class OAuth2WebSecurity {
@Value("${spring.security.oauth2.client.provider.sfdc.issuer-uri}")
String issuerUri;
@Bean
ReactiveJwtDecoder jwtDecoder() {
return ReactiveJwtDecoders.fromOidcIssuerLocation(issuerUri);
}
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http,
ReactiveClientRegistrationRepository clientRegistrationRepository) {
http.csrf().disable().authorizeExchange().pathMatchers("/favicon.ico", "/css/**", "/webjars/**",
"/api/v1.0/applications/**", "/api/v1.0/users/**", "/oauth2/**", "/login/**", "/oauth2/callback/ge",
"/*").permitAll().anyExchange().authenticated().and().oauth2Login().authorizationRequestResolver(
authorizationRequestResolver(clientRegistrationRepository)).and().oauth2ResourceServer(
oauth2 -> oauth2.authenticationManagerResolver(authenticationManagerResolver));
return http.build();
}
@Bean
public ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver(
ReactiveClientRegistrationRepository clientRegistrationRepository) {
return new DefaultServerOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
new PathPatternParserServerWebExchangeMatcher("/login/{registrationId}"));
}
}当我尝试在浏览器中访问它时,它会转到http://localhost:8080/login 它返回一个html页面,在这里我可以选择yaml文件中提到的任何一个oauth。
现在,我如何禁用这个html并让它基于上下文路径选择oauth?
本地主机:8080/login/-->转到身份验证服务器
localhost:8080/login/sfdc-->转到sfdc身份验证服务器
身份验证后,它应该转到默认的rest控制器或某个筛选器类
@RestController
public class LoginController {
@GetMapping("/oauth2/callback/ge")
public String getLoginInfo(@AuthenticationPrincipal OidcUser principal) {
System.out.println(principal.getAccessTokenHash());
return "loginSuccess";
}
@GetMapping("/oauth2/callback/sfdc")
public String getLoginSfdcInfo(@AuthenticationPrincipal OidcUser principal) {
System.out.println(principal.getAccessTokenHash());
return "loginSuccess";
}
}
1条答案
按热度按时间wb1gzix01#
登录页面由spring security生成。您可以通过指定自己的登录页面来禁用它:
所有这些都是设置一个身份验证入口点,该入口点重定向到/my自定义登录页面。这可能不是您想要的,但它将禁用默认登录页面。如果在未经身份验证的用户发出请求时没有所需的页面或重定向,则不必执行重定向。例如,当用户未通过身份验证时,这将返回401:
要更改授权端点的路径,可以使用
ServerOAuth2AuthorizationRequestResolver:这将允许
/login/及/login/sfdc去 `` 及sfdc分别基于您的客户注册。最后,回调由spring security处理。所以你的控制器不会被调用。您将要定义身份验证成功处理程序:
您可以在文档的oauth2 webflux部分阅读更多关于这方面的内容。